# Fail2Ban configuration file
#
# Enable "log-auth-failures" on each Sofia profile to monitor
# <param name="log-auth-failures" value="true"/>
# -- this requires a high enough loglevel on your logs to save these messages.
#
# In the fail2ban jail.local file for this filter set ignoreip to the internal
# IP addresses on your LAN.
#
 
# Files named in this section are read in addition to this filter, so that
# definitions they provide can be referenced from [Definition] below.
[INCLUDES]
 
# Read common prefixes. If any customizations are available -- read them from
# common.local
# common.conf is where __prefix_line, interpolated by _pref_line below, is
# expected to come from -- confirm against the installed common.conf.
before = common.conf
 
# Patterns fail2ban applies to FreeSWITCH log lines to find the offending
# address (<HOST>) in authentication-related warnings.
[Definition]
 
# Daemon name; presumably consumed by the prefix pattern in common.conf --
# nothing in this file references it directly.
_daemon = freeswitch
 
# Parameter "mode": normal, ddos or extra (default, combines all)
# Usage example (for jail.local):
#   [freeswitch]
#   mode = normal
#   # or with rewrite filter parameters of jail:
#   [freeswitch-ddos]
#   filter = freeswitch[mode=ddos]
#
# Selects which mdre-<mode> set failregex expands to (see failregex below).
# NOTE(review): extra and ddos also count "SIP auth challenge" lines. A
# challenge is presumably logged for ordinary clients during digest
# authentication as well, so set ignoreip for trusted ranges and keep
# maxretry/findtime in the jail tolerant of normal client behaviour --
# confirm against your own logs before tightening.
mode = extra
 
# Prefix contains common prefix line (server, daemon, etc.) and 2 datetimes if the systemd backend is used
# After the common prefix, optionally accept one more timestamp shaped like
# [YYYY-]MM-DD HH:MM:SS.fraction before the log level.
_pref_line = ^%(__prefix_line)s(?:(?:\d+-)?\d+-\d+ \d+:\d+:\d+\.\d+)?
 
# Pre-filter: a line must be a [WARN]/[WARNING] message from sofia_reg.c
# (optionally tagged [SOFIA]); only the text captured as F-CONTENT is then
# tested against failregex.
# NOTE(review): _pref_line already starts with ^, so the leading ^ here is
# redundant; it does not change what matches.
prefregex = ^%(_pref_line)s \[WARN(?:ING)?\](?: \[SOFIA\])? \[?sofia_reg\.c:\d+\]? <F-CONTENT>.+</F-CONTENT>$
 
# Shared by the normal and extra modes: "Can't find user [user@domain]".
# <HOST> sits immediately before $, so the address is always read from the
# end of the message and never from the bracketed user@domain text, which
# presumably originates from the request itself.
cmnfailre = ^Can't find user \[[^@]+@[^\]]+\] from <HOST>$
 
# mode=normal: cmnfailre plus "SIP auth failure" for REGISTER or INVITE.
# Each pattern is one line of this value; the second is on the indented
# continuation line, and must stay indented to remain part of the value.
mdre-normal = %(cmnfailre)s
              ^SIP auth failure \((REGISTER|INVITE)\) on sofia profile \'[^']+\' for \[[^\]]*\] from ip <HOST>$
 
# mode=ddos: counts "SIP auth challenge" as well as "SIP auth failure", and
# does not include cmnfailre. The bracketed field may not contain "]" and
# <HOST> is anchored to the end of the line with $.
mdre-ddos   = ^SIP auth (?:failure|challenge) \((REGISTER|INVITE)\) on sofia profile \'[^']+\' for \[[^\]]*\] from ip <HOST>$
 
# mode=extra (the default): cmnfailre plus everything mdre-ddos matches; the
# <mdre-ddos> tag on the continuation line pulls that pattern in.
mdre-extra  = %(cmnfailre)s
              <mdre-ddos>
 
# Effective failure patterns: <mode> is replaced by the selected mode name, so
# this resolves to <mdre-normal>, <mdre-ddos> or <mdre-extra> and then to that
# key's value. A mode outside those three has no matching mdre-* key in this
# file.
failregex = <mdre-<mode>>
 
# Empty: no line matched by failregex is excluded.
ignoreregex =
 
# Timestamp layout: optional year, then month-day, a space or T, and H:M:S
# with optional fractional seconds. %% is the config parser's escape for a
# literal %, so the directives reach fail2ban as %Y, %m, and so on.
# NOTE(review): the continuation line {^LN-BEG} is a second pattern that
# appears to select fail2ban's built-in line-start date detection -- confirm
# against the fail2ban version in use.
datepattern = ^(?:%%Y-)?%%m-%%d[ T]%%H:%%M:%%S(?:\.%%f)?
              {^LN-BEG}
 
# Author: Rupa SChomaker, soapee01, Daniel Black, Sergey Brester aka sebres
# https://freeswitch.org/confluence/display/FREESWITCH/Fail2Ban
# Thanks to Jim on the mailing list for samples and guidance
#
# No need to match the following. It's a duplicate of the SIP auth regex.
#  ^\.\d+ \[DEBUG\] sofia\.c:\d+ IP <HOST> Rejected by acl "\S+"\. Falling back to Digest auth\.$